System and method for issuing a certificate to permit access to information

1. A system for issuing a certificate to permit access to information, the system comprising: a memory storing a directory that includes biometric data, and contextual data regarding subscribers; an identification service processor module configured to receive dynamic biometric data and dynamic contextual data regarding an individual when that individual is located within an area, and to receive from the memory at least one of stored biometric data or contextual data for the individual so as to provide an identity estimate and a level of certainty indicator of an identity match based on a comparison of the dynamic biometric data and the dynamic contextual data regarding the individual to the stored biometric data and the stored contextual data regarding the subscribers, a registration authority processor module configured to receive the identity estimate and the level of certainty indicator from the identification service processor module, and to determine that a certificate should be issued to the individual when a level of certainty indicator of a first identity estimate is greater than a predefined level, and the first identity estimate is greater than a second identity estimate by a specific value, prior to the individual reaching a computing device; and a certificate authority processor module configured to issue the certificate to the computing device when it is determined that the certificate should be issued, wherein the certificate will allow the individual to use the computing device to access an information system.

2. The system of claim 1 , in combination with a computing device, wherein the computing device comprises: a security key pair stored in a memory to allow an individual to access an information system upon receipt of the certificate for that individual.

3. The system of claim 1 , comprising: a location service processor module configured to receive a notification indicating presence of an individual within the area, the location service processor module being configured to receive the dynamic biometric data and the dynamic contextual data regarding an individual from at least one sensor, and to determine when that individual is within a predetermined distance of the computing device.

4. The system of claim 3 , wherein the location service processor module is configured to notify the registration authority processor module when an individual is determined to be within the predetermined distance of the computing device.

5. The system of claim 3 , wherein the location service processor module is configured to create a record of movement of an individual about the area over time.

6. The system of claim 5 , wherein the record of movement of the individual includes information regarding one or more guests that accompany the individual in the area.

7. The system of claim 3 , wherein the registration authority processor module is configured to query the identification service processor module for the identity estimate of an individual and the level of certainty indicator when the location service processor module has determined that individual to be within the predetermined distance of the computing device.

8. The system of claim 3 , wherein the identification service processor module is configured to receive the dynamic biometric data and the dynamic contextual data regarding an individual from the location service processor module, and the identification service processor module is configured to receive the stored biometric data and the stored contextual data regarding subscribers from the directory.

9. The system of claim 3 , wherein the predetermined distance is 1 to 2 feet.

10. The system of claim 1 , wherein the registration authority processor module is configured to receive information that indicates when an individual has moved away from the computing device or has disengaged from the computing device, and to use the information to decide whether to revoke the certificate when the registration authority processor module has determined that individual to have moved away from the computing device or to have disengaged from the computing device.

11. The system of claim 1 , comprising: one or more sensors configured to detect presence and location of an individual.

12. The system of claim 1 , wherein the identification service processor module is configured to periodically update the identity estimate and the level of certainty indicator.

13. The system of claim 1 , wherein the identification service processor module is configured to perform the comparison by using at least one of the dynamic biometric data, or the dynamic contextual data as an index to the memory for an indirect comparison, and to receive the other of the stored biometric data and the stored contextual data in response thereto for a direct comparison to the other of the dynamic biometric data and the dynamic contextual data.

14. The system of claim 1 , wherein the level of certainty indicator is at least one number.

15. The system of claim 1 , wherein the first identity estimate is identified to be one of the identity estimate with a highest level of certainty indicator, and the second identity estimate is identified to be one of the identity estimate with a second highest level of certainty indicator.

16. The system of claim 1 , wherein the level of certainty indicator is determined by weighting each type of the dynamic contextual data and the dynamic biometric data according to a respective reliability factor, and the dynamic contextual data and the dynamic biometric data include multiple types of data.

17. A method for issuing a certificate to permit access to a computing device, comprising: storing biometric data and contextual data regarding subscribers in a memory; receiving dynamic biometric data and dynamic contextual data of an individual when the individual is located within an area; receiving at least one of stored biometric data, or contextual data for the individual from the memory; determining an identity estimate and a level of certainty indicator of an identity match based on a comparison of the dynamic biometric data and the dynamic contextual data with the stored biometric data and the stored contextual data; and issuing the certificate to the individual when a level of certainty indicator of a first identity estimate is greater than a predefined level, and the first identity estimate is greater than a second identity estimate by a specific value, prior to the individual reaching the computing device.

18. The method of claim 17 , comprising: storing a security key pair in a memory of the computing device; and using the certificate and the security key pair to access the information system.

19. The method of claim 17 , comprising: receiving a notification indicating presence of the individual within the area; receiving the dynamic biometric data and the dynamic contextual data regarding the individual from at least one sensor; and determining that the individual is within a predetermined distance of the computing device.

20. The method of claim 19 , comprising: outputting a notification after the individual is determined to be within the predetermined distance of the computing device.

21. The method of claim 19 , comprising: creating a record of movement of the individual about the area over time.

22. The method of claim 21 , comprising: augmenting the record of movement of the individual with information regarding one or more guests that accompany the individual in the area.

23. The method of claim 19 , comprising: querying for the identity estimate of the individual and the level of certainty indicator when the individual is determined to be within the predetermined distance of the computing device.

24. The method of claim 19 , wherein the predetermined distance is 1 to 2 feet.

25. The method of claim 17 , comprising: receiving information that indicates that the individual has moved away from the computing device or has disengaged from the computing device; and deciding whether to revoke the certificate when it is determined that the individual has moved away from the computing device or has disengaged from the computing device.

26. The method of claim 17 , comprising: detecting, with one or more sensors, presence and location of the individual.

27. The method of claim 17 , comprising: periodically updating, the identity estimate and the level of certainty indicator.

28. The method of claim 17 , wherein the comparing includes using at least one of the dynamic biometric data, or the dynamic contextual data as an index to the memory for an indirect comparison, and receiving the other of the stored biometric data and the stored contextual data in response thereto for a direct comparison to the other of the dynamic biometric data and the dynamic contextual data.

29. The method of claim 17 , wherein the level of certainty indicator is at least one number.

30. The method of claim 17 , comprising: identifying that the first identity estimate is one of the identity estimate with a highest level of certainty indicator; and identifying that the second identity estimate is one of the identity estimate with a second highest level of certainty indicator.

31. The method of claim 17 , wherein the level of certainty indicator is determined by weighting each type of the dynamic contextual data and the dynamic biometric data according to a respective reliability factor, and the dynamic contextual data and the dynamic biometric data include multiple types of data.